package com.zhuang.jdbc;

import java.sql.*;
import java.util.Scanner;

@SuppressWarnings("all")
public class PreparedStatement_ {
	public static void main(String[] args) throws Exception {
		// query();
		// insert();
		// delete();
	}

	// 查询操作
	public static void query() throws Exception {
		Scanner scanner = new Scanner(System.in);
		// 让用户输入管理员名和密码
		System.out.print("请输入管理员的名字: ");
		// next(): 当接收到 空格或者 '就是表示结束
		String adminName = scanner.nextLine();
		// 如果希望看到 SQL 注入，这里需要用 nextLine
		System.out.print("请输入管理员的密码: ");
		String adminPwd = scanner.nextLine();
		Class.forName("com.mysql.jdbc.Driver");
		String url = "jdbc:mysql://localhost:3306/mybatis";
		String user = "root";
		String password = "root";
		Connection connection = DriverManager.getConnection(url, user, password);
		// 得到 statement对象
		Statement statement = connection.createStatement();
		// sql语句
		String sql = "select * from admin where NAME = ? and pwd = ?";
		// preparedStatement 对象实现了 PreparedStatement 接口的实现类的对象
		PreparedStatement preparedStatement = connection.prepareStatement(sql);
		// 给 ? 赋值
		preparedStatement.setString(1, adminName);
		preparedStatement.setString(2, adminPwd);
		ResultSet resultSet = preparedStatement.executeQuery();
		if (resultSet.next()) {
			System.out.println("查询成功");
		} else {
			System.out.println("查询失败");
		}
		connection.close();
		resultSet.close();
		statement.close();
	}

	// 插入操作
	public static void insert() throws Exception {
		Scanner scanner = new Scanner(System.in);
		// 让用户输入管理员名和密码
		System.out.print("请输入管理员的名字: ");
		// next(): 当接收到 空格或者 '就是表示结束
		String adminName = scanner.nextLine();
		// 如果希望看到 SQL 注入，这里需要用 nextLine
		System.out.print("请输入管理员的密码: ");
		String adminPwd = scanner.nextLine();
		Class.forName("com.mysql.jdbc.Driver");
		String url = "jdbc:mysql://localhost:3306/mybatis";
		String user = "root";
		String password = "root";
		Connection connection = DriverManager.getConnection(url, user, password);
		// 得到 statement对象
		Statement statement = connection.createStatement();
		// sql语句
		// String sql = "select * from admin where NAME = ? and pwd = ?";
		String sql = "insert into admin values(?, ?)";
		// preparedStatement 对象实现了 PreparedStatement 接口的实现类的对象
		PreparedStatement preparedStatement = connection.prepareStatement(sql);
		// 给 ? 赋值
		preparedStatement.setString(1, adminName);
		preparedStatement.setString(2, adminPwd);
		int i = preparedStatement.executeUpdate();
		System.out.println(i > 0 ? "成功" : "失败");
		connection.close();
		// resultSet.close();
		statement.close();
	}

	public static void delete() throws Exception {
		Scanner scanner = new Scanner(System.in);
		// 让用户输入管理员名和密码
		System.out.print("请输入管理员的名字: ");
		// next(): 当接收到 空格或者 '就是表示结束
		String adminName = scanner.nextLine();
		// 如果希望看到 SQL 注入，这里需要用 nextLine
		System.out.print("请输入管理员的密码: ");
		String adminPwd = scanner.nextLine();
		Class.forName("com.mysql.jdbc.Driver");
		String url = "jdbc:mysql://localhost:3306/mybatis";
		String user = "root";
		String password = "root";
		Connection connection = DriverManager.getConnection(url, user, password);
		// 得到 statement对象
		Statement statement = connection.createStatement();
		// sql语句
		// String sql = "select * from admin where NAME = ? and pwd = ?";
		// String sql = "insert into admin values(?, ?)";
		// preparedStatement 对象实现了 PreparedStatement 接口的实现类的对象
		String sql = "delete from admin where name = ?";
		PreparedStatement preparedStatement = connection.prepareStatement(sql);
		// 给 ? 赋值
		preparedStatement.setString(1, adminName);
		preparedStatement.setString(2, adminPwd);
		ResultSet resultSet = preparedStatement.executeQuery();
		if (resultSet.next()) {
			System.out.println("查询成功");
		} else {
			System.out.println("查询失败");
		}
		connection.close();
		resultSet.close();
		statement.close();
	}
}
